
Commit 9fdcd9b

fix(build): quote unquoted string literals in examples
1 parent e43bda3 commit 9fdcd9b

1 file changed

+11
-11
lines changed

src/lib/proactiveControlsData.js

Lines changed: 11 additions & 11 deletions
@@ -41,7 +41,7 @@ const proactiveControlsData = {
4141
<ul>
4242
<li>HTTP verb tampering (<code>DELETE</code> → <code>GET</code>, etc.)</li>
4343
<li>Path traversal/encoding (<code>..%2Fadmin</code>, double slashes)</li>
44-
<li>Header overrides (<code>X-Original-URL</code>, <code>X-Forwarded-For: 127.0.0.1</code>)</li>
44+
<li>Header overrides (<code>X-Original-URL</code>, <code>X-Forwarded-For: '127.0.0.1'</code>)</li>
4545
</ul>
4646
Record any request that evades the control.</li>
4747
<li><strong>Session Fixation &amp; Prediction</strong> – With Burp Intruder, fuzz captured session cookies and monitor for collisions that return HTTP 200.</li>
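Review bot: the quoted IP on line 44 makes the example wrong. An HTTP header value is never quoted, so `X-Forwarded-For: '127.0.0.1'` carries the apostrophes as part of the value and is not the loopback address a trust-proxy check would compare against. Nothing here needed escaping either: this text lives inside a backtick template literal, where single quotes are ordinary characters and the unquoted line already built. Revert to `X-Forwarded-For: 127.0.0.1`.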
@@ -154,7 +154,7 @@ location /admin {
154154
<li><strong>Nginx WAF</strong> – Compile ModSecurity v3 with OWASP CRS. Enable rule 941100.</li>
155155
<li><strong>Helmet Middleware</strong> – <code>app.use(require('helmet')({ contentSecurityPolicy: { directives: { defaultSrc:["'self'"] } } }))</code></li>
156156
<li><strong>Template Auto-escaping</strong> – Switch from EJS to Pug/Handlebars which encode output by default.</li>
157-
<li><strong>Elastic SIEM Rule</strong> – <code>url.path : "*<script*"</code> OR <code>query : "%3Cscript%3E"</code></li>
157+
<li><strong>Elastic SIEM Rule</strong> – <code>url.path : "*&lt;script*>"</code> OR <code>query : "%3Cscript%3E"</code></li>
158158
<li><strong>Unit Tests</strong> – Use <code>@jest/expect</code> to assert that user input appears only under <code>textContent</code>, not <code>innerHTML</code>.</li>
159159
</ol>
160160
`
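Review bot: the new pattern on line 157 has a stray `>` at the end. `"*&lt;script*>"` now only matches paths that end in a literal `>`, so a path containing `<script src=` no longer fires. Escaping the `<` as `&lt;` is the right fix (a raw `<script` inside this HTML would open a tag when the template is rendered), but the value should be `"*&lt;script*"`.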
@@ -187,7 +187,7 @@ location /admin {
187187
<ul>
188188
<li>HTTP verb tampering (<code>DELETE</code> → <code>GET</code>, etc.)</li>
189189
<li>Path traversal/encoding (<code>..%2Fadmin</code>, double slashes)</li>
190-
<li>Header overrides (<code>X-Original-URL</code>, <code>X-Forwarded-For: 127.0.0.1</code>)</li>
190+
<li>Header overrides (<code>X-Original-URL</code>, <code>X-Forwarded-For: '127.0.0.1'</code>)</li>
191191
</ul>
192192
Record any request that evades the control.</li>
193193
<li><strong>Session Fixation &amp; Prediction</strong> – With Burp Intruder, fuzz captured session cookies and monitor for collisions that return HTTP 200.</li>
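Review bot: same regression as the first hunk. Line 190 quotes the header value, but `X-Forwarded-For: '127.0.0.1'` is not how the header is sent, and the quotes were never a build problem inside a template literal. Keep both copies of this list identical and unquoted, or factor the duplicated list into one shared string so a later fix does not have to land twice.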
@@ -288,7 +288,7 @@ Process.Start(new ProcessStartInfo {
288288
<h5>2. AppLocker Rules</h5>
289289
<pre class="bg-gray-900 p-2 text-gray-100 rounded"><code>
290290
# PowerShell command to create AppLocker rule
291-
New-AppLockerPolicy -RuleType Path -PathCondition "C:\\Windows\\*" -User Everyone -Action Allow
291+
New-AppLockerPolicy -RuleType Path -PathCondition "C:\\Windows\\*" -User 'Everyone' -Action 'Allow'
292292
</code></pre>
293293
<h5>3. Windows Defender Application Control</h5>
294294
<p>Enable and configure WDAC policies to restrict executable files.</p>
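Review bot: the quotes added on line 291 change nothing. In PowerShell `-User 'Everyone'` and `-User Everyone` bind the same string, and the line sits inside a JS template literal where the unquoted form already built. Separately, `-PathCondition` and `-Action` are not parameters of the built-in `New-AppLockerPolicy` cmdlet, which builds rules from `-FileInformation` (the output of `Get-AppLockerFileInformation`) plus `-RuleType` and `-User`, so the example fails with a parameter-binding error as written. Either rewrite it around `Get-AppLockerFileInformation -Directory C:\Windows -Recurse | New-AppLockerPolicy -RuleType Path -User Everyone` or label it as illustrative pseudo-syntax.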
@@ -421,9 +421,9 @@ chmod u-s /path/to/unnecessary/suid/binary
421421
blueTeamLinux: `
422422
<h4>Blue Team Playbook – Linux / Docker / Node</h4>
423423
<ol>
424-
<li><strong>TLS-only Ingress</strong> – Terminate TLS at Nginx with <code>ssl_protocols TLSv1.2 TLSv1.3;</code> and <code>ssl_ciphers EECDH+AESGCM</code>.</li>
424+
<li><strong>TLS-only Ingress</strong> – Terminate TLS at Nginx with <code>ssl_protocols TLSv1.2 TLSv1.3;</code> and <code>ssl_ciphers 'EECDH+AESGCM'</code>.</li>
425425
<li><strong>Kubernetes Secret</strong> – Mount secrets via <code>envFrom: secretRef</code>; ensure <code>fsGroup</code> is non-root.</li>
426-
<li><strong>Runtime Scan</strong> – Deploy <code>trivy fs /app</code> in CI; fail build if HIGH vulns &gt; 0.</li>
426+
<li><strong>Runtime Scan</strong> – Deploy <code>trivy fs /app</code> in CI; fail build if HIGH vulns > 0.</li>
427427
<li><strong>Elastic Alert</strong> – Watch for <code>"POST /login HTTP/1.1" 200</code> over plaintext port 80.</li>
428428
<li><strong>openssl Config</strong> – Disable legacy provider and weak ciphers in <code>/etc/ssl/openssl.cnf</code>.</li>
429429
</ol>
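Review bot: the change on line 426 goes the wrong way. `&gt; 0` was correctly escaped HTML text and has become a bare `>`, which browsers tolerate but which is outside this commit's stated scope of quoting string literals; revert it. The quotes on line 424 are accepted by nginx but unnecessary, and the directive is still missing the trailing `;` that `ssl_protocols` has on the same line, so `ssl_ciphers EECDH+AESGCM;` would be the consistent form.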
@@ -508,7 +508,7 @@ $xml = simplexml_load_string($xmlstr, 'SimpleXMLElement',
508508
<h5>2. PHP Configuration</h5>
509509
<pre class="bg-gray-900 p-2 text-gray-100 rounded"><code>
510510
# php.ini settings
511-
libxml.disable_entity_loader = On
511+
libxml.disable_entity_loader = 'On'
512512
</code></pre>
513513
`,
514514
blueTeamLinux: `
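Review bot: line 511 is not a fix. php.ini takes bare or double-quoted values (`On` or `"On"`), and the single quotes were never an issue inside the JS template literal. More importantly, `libxml.disable_entity_loader` is not a php.ini directive at all, so PHP ignores it silently; external entity loading was controlled by the runtime call `libxml_disable_entity_loader(true)`, deprecated in PHP 8.0 where external entity loading is off by default. The snippet should show that call, or the options argument of the `simplexml_load_string` call visible in the hunk header, rather than an ini key with no effect.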
@@ -583,8 +583,8 @@ SecRule REQUEST_BODY "@contains <!ENTITY" \
583583
blueTeamMac: `
584584
<h4>Blue Team Playbook – macOS / Apache + PHP</h4>
585585
<ol>
586-
<li><strong>Disable Modules</strong> – Comment out unused modules in <code>httpd.conf</code> (<code>cgi</code>, <code>status</code>, <code>info</code>).</li>
587-
<li><strong>Secure Defaults</strong> – <code>Options -Indexes</code>, <code>ServerTokens Prod</code>, <code>ServerSignature Off</code>.</li>
586+
<li><strong>Disable Modules</strong> – Comment out unused modules in <code>httpd.conf</code> (<code>'cgi'</code>, <code>'status'</code>, <code>'info'</code>).</li>
587+
<li><strong>Secure Defaults</strong> – <code>Options '-Indexes'</code>, <code>ServerTokens 'Prod'</code>, <code>ServerSignature 'Off'</code>.</li>
588588
<li><strong>mod_security CRS</strong> – Enable rules 930100-931000 (protocol violations).</li>
589589
<li><strong>Automated Audit</strong> – <code>lynis audit system --tests-from-group apache,php</code>; fix score &lt; 80.</li>
590590
<li><strong>Log Rotation &amp; Monitoring</strong> – Use <code>fail2ban</code> jail <code>apache-badbots</code> and ship logs to Wazuh.</li>
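Review bot: lines 586-587 add quotes that Apache does not need. `Options -Indexes`, `ServerTokens Prod` and `ServerSignature Off` are the documented forms; httpd accepts quoted arguments, but the quoted versions now differ from every Apache reference a reader will compare against. The module names on line 586 are prose, not code the build parses. None of this text is a JS string literal (it is HTML inside a backtick template), so revert both lines.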
@@ -786,7 +786,7 @@ server {
786786
</code></pre>
787787
<h5>2. HSTS Header</h5>
788788
<pre class="bg-gray-900 p-2 text-gray-100 rounded"><code>
789-
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
789+
'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'
790790
</code></pre>
791791
`
792792
},
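Review bot: line 789 wraps the whole header line in single quotes inside a `<pre>` block, which turns a correct example into an invalid one. An HTTP header is `Name: value` with no surrounding quotes, and a reader who copies this line into a server config or compares it against `curl -I` output gets the apostrophes as part of the value. The quotes were not needed for the build either, since the line is inside a backtick template literal. Revert to `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`.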
@@ -973,7 +973,7 @@ tail -f /var/log/auth.log
973973
<ol>
974974
<li><strong>Trivy in CI</strong> – <code>trivy image --severity HIGH,CRITICAL myapp:latest</code>.</li>
975975
<li><strong>Snyk Monitor</strong> – <code>snyk monitor --org=myteam</code>; receive email alerts on new CVEs.</li>
976-
<li><strong>Base-Image Hygiene</strong> – Use <code>FROM node:18-slim</code> not <code>latest</code>. Apply weekly rebuilds.</li>
976+
<li><strong>Base-Image Hygiene</strong> – Use <code>FROM node:18-slim</code> not <code>'latest'</code>. Apply weekly rebuilds.</li>
977977
<li><strong>Readonly Root FS</strong> – In Kubernetes set <code>readOnlyRootFilesystem: true</code> to limit malicious package writes.</li>
978978
<li><strong>CVE Patch Window</strong> – Policy: deploy patch within 7 days (critical) / 30 days (high).</li>
979979
</ol>
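Review bot: line 976 quotes `'latest'` but leaves `node:18-slim` unquoted, so the two tags in one sentence now read as different kinds of value; Docker tags are never quoted in a `FROM` line. This is prose inside a template literal, not a string the build parses, so revert for consistency.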

0 commit comments